Malware Stats: 72 Percent of Threats are Unique
The trend towards customized malware continues.
Sourcefire's latest stats come from its Immunet 3.0 antivirus product, which leverages the open-source ClamAV engine as well as cloud-powered detection engines.
According to data collected from Immunet installations for the month of July, 72 percent of the detected threats were isolated cases. That is, they were unique forms of malware not seen before on any other installation. Out of the Sourcefire Immunet user base, 16 percent experienced at least one malware infection. Additionally, among those infected users, 70 percent had one or more infections on their system.
The findings don't come as a surprise to Sourcefire.
Immunet uses an in-the-cloud detection engine to help spot threats. O'Donnell noted that it is no longer entirely possible, or cost-effective, to catch everything on a single machine without cloud resources. He explained that if, for example, there were only a thousand viruses in the wild and Sourcefire put out a database with a thousand definitions, each definition would have a value of one in a thousand. O'Donnell added that once there are a million or ten million viruses, the probability that any given definition detects something is very small, so the cost of delivering the same level of protection ends up being higher.
Immunet 3.0 is available as both a free product and a paid product that adds an additional layer of scanning. According to O'Donnell, 84 percent of the detected threats were found by the core product, while 16 percent were found by the additional scanning in the paid product. O'Donnell credits the cloud engine, and its ability to correlate data and threats across installations, with helping Immunet catch more malware than a non-cloud solution would.
Sourcefire is also working on an enterprise version of Immunet, named Immunet 4.0, that will provide additional capabilities.
"Our technology from very early on was built to understand what is implicitly good and what is implicitly bad and then looks at things in the grey space in between," O'Donnell said. "That allows us to be able to give a more precise definition of what is malware and act more aggressively on malware outbreaks."
"It's an issue of what software can be trusted and us acting as an intermediary to help make a decision," O'Donnell added.